@MrJaba
Created May 5, 2011 15:02
Facebook signed_request verification
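require 'openssl'
require 'base64'

# Rails filter: reject any request that lacks a valid Facebook signed_request.
def verify_facebook_request
  signed_request = params[:signed_request]
  raise ActionController::InvalidAuthenticityToken.new("Invalid Facebook Request") unless signed_request.present? && valid_facebook_signature?(signed_request)
end

# signed_request has the form "<base64url HMAC-SHA256 signature>.<base64url payload>".
def valid_facebook_signature?(signed_request)
  signature, encoded_data = signed_request.split(".", 2)
  return false if signature.blank? || encoded_data.blank?
  expected_signature = base64_url_decode(signature)
  computed_signature = OpenSSL::HMAC.digest('sha256', Facebook::Config::APP_SECRET, encoded_data)
  # Constant-time comparison, so response timing does not reveal how many bytes matched.
  ActiveSupport::SecurityUtils.secure_compare(expected_signature, computed_signature)
end

# Decode URL-safe base64: map "-" and "_" back to "+" and "/" and restore
# the padding before decoding (not after, which would corrupt the raw bytes).
def base64_url_decode(str)
  str = str.chomp.tr("-_", "+/")
  str += '=' * ((4 - str.length.modulo(4)) % 4)
  Base64.decode64(str)
end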